US8656471B1ActiveUtility

Virtual requests

91
Assignee: ALLEN NICHOLAS ALEXANDERPriority: Mar 12, 2012Filed: Mar 12, 2012Granted: Feb 18, 2014
Est. expiryMar 12, 2032(~5.7 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 67/565
91
PatentIndex Score
16
Cited by
4
References
21
Claims

Abstract

A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for providing request services, comprising:
 under control of one or more computer systems configured with executable instructions,
 receiving, by a request service, a client request according to a first protocol, the client request including information used to construct a virtual request and a claim, the virtual request identifying an independent service and an action, the claim derived at least in part from a client identity and a virtual request signature, the virtual request signature produced by applying keying material, of a client associated with the client request, to the virtual request; 
 constructing a signed request from the virtual request using a format agreement specifying a translation from virtual requests to signed requests, the signed request including a client signature and identifying the client identity and the independent service, a signed portion of the signed request different than the client request; 
 sending the signed request to an authentication service; 
 receiving an issued credential from the authentication service; and 
 sending, by the request service, a service request to the independent service on behalf of the client identity according to a second protocol, the issued credential used to form the service request to perform the action. 
 
 
     
     
       2. The computer-implemented method of  claim 1 , wherein receiving the client request further includes receiving the claim as a username and password through an authentication protocol. 
     
     
       3. The computer-implemented method of  claim 2 , wherein at least one of the username and password encodes one or more additional request parameters, wherein the client request includes the additional request parameters. 
     
     
       4. The computer-implemented method of  claim 3 , wherein the method further includes calculating a signature for the virtual request and using a representation of the signature as the password. 
     
     
       5. The computer-implemented method of  claim 1 , wherein the method further includes receiving the client request according to a first protocol and sending the signed request according to the second protocol, the first protocol and the second protocol being different protocols. 
     
     
       6. The computer-implemented method of  claim 5 , wherein the first protocol and second protocol are different versions of the same protocol. 
     
     
       7. The computer-implemented method of  claim 1 , wherein the virtual request is encoded in a universal resource identifier. 
     
     
       8. A computer-implemented method for providing request services, comprising:
 under control of one or more computer systems configured with executable instructions,
 receiving, by a request service, a client request; 
 constructing a virtual request identifying a second service and an action, the virtual request including a claim derived at least in part from a principal identity and a request signature, the request signature produced by applying keying material to the virtual request; 
 deriving a signed request from at least the virtual request, the derived signed request including a signature based at least in part on the request signature and indicating the principal identity and the second service; and 
 enabling, by the request service, performance of the action based at least in part on the derived signed request. 
 
 
     
     
       9. The method of  claim 8 , wherein the virtual request is received from a client communicating through a protocol unable to accommodate a signature, the signature instead received through a requested username and password. 
     
     
       10. The method of  claim 8 , wherein the method further includes determining whether the request signature matches the virtual request. 
     
     
       11. The method of  claim 10 , wherein determining whether the request signature matches the virtual request further includes:
 sending the signed request to a authentication service; and 
 when the request signature matches the virtual request, receiving an issued credential for use with the second service based at least in part on the signed request. 
 
     
     
       12. The method of  claim 11 , wherein the method further includes sending, by the request service, an application programming interface call, the application programming interface call based at least in part on the issued credential and the action. 
     
     
       13. The method of  claim 8 , wherein deriving a signed request from the virtual request further includes using a format agreement to derive the signed request from the virtual request. 
     
     
       14. The method of  claim 8 , wherein the virtual request further includes a time based component. 
     
     
       15. The method of  claim 14 , wherein the method further includes determining an expiration of the request signature. 
     
     
       16. The method of  claim 8 , wherein the method further includes receiving a format agreement, the format agreement describing a process for constructing signed requests from virtual requests. 
     
     
       17. A computer system for providing virtual requests, comprising:
 one or more processors; and 
 memory, including instructions executable by the one or more processors to cause the computer system to at least:
 receive, by a servicer, a client request; 
 construct a virtual request identifying a second service and an action, the virtual request including a claim derived at least in part from a principal identity and a request signature, the request signature produced by applying keying material to the virtual request; 
 derive a signed request from at least the virtual request, the derived signed request including a signature based at least in part on the request signature and indicating the principal identity and the second service; and 
 enable, by the servicer, performance of the action based at least in part on the derived signed request. 
 
 
     
     
       18. The computer system of  claim 17 , wherein the virtual request includes a time-based component. 
     
     
       19. The computer system of  claim 18 , wherein the method further includes determining if the virtual request has expired based at least in part on the time-based component. 
     
     
       20. The computer system of  claim 17 , wherein the request signature is computed using a private key of an asymmetric cryptographic system. 
     
     
       21. The computer system of  claim 17 , further including instructions causing the computing system to at least receive an issued credential that includes a limited scope, the scope based at least in part on the signed request.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.